#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:=$(dirname "$0")}

source "${TESTDIR}/common"

trap "cleanup" SIGTERM EXIT

function cleanup()
{
	rm -f "${cert}" "${pwdfile}"
}

cert="$(mktemp)" || exit 1
pwdfile="$(mktemp)" || exit 1

function check_cert_size()
{
	local cert="$1"
	local exp="$2"

	local size

	# Unfortunately different GnuTLS versions may create certs of different
	# sizes; deactivate this test for now
	return

	size=$(stat -c%s "${cert}" 2>/dev/null)
	if [ "$size" -ne "$exp" ]; then
		echo "Warning: Certificate file has unexpected size."
		echo "         Expected: $exp;  found: $size"
	fi
}

if ! VARNAME=password ${SWTPM_CERT} \
	--signkey "${TESTDIR}/data/signkey-encrypted.pem" \
	--signkey-pwd env:VARNAME \
	--issuercert "${TESTDIR}/data/issuercert.pem" \
	--out-cert "${cert}" \
	--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
	--days 3650 \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1224

# truncate result file
echo -n > "${cert}"
echo "Test 1: OK"

if ! ${SWTPM_CERT} \
	--signkey "${TESTDIR}/data/signkey-encrypted.pem" \
	--signkey-pwd file:<(echo -en "password") \
	--issuercert "${TESTDIR}/data/issuercert.pem" \
	--out-cert "${cert}" \
	--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1302

# truncate result file
echo -n > "${cert}"
echo "Test 2: OK"

if ! ${SWTPM_CERT} \
	--signkey "${TESTDIR}/data/signkey-encrypted.pem" \
	--signkey-pwd pass:password \
	--issuercert "${TESTDIR}/data/issuercert.pem" \
	--out-cert "${cert}" \
	--pubkey "${TESTDIR}/data/pubek.pem" \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1367

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > "${cert}"
echo "Test 3: OK"


###################### Platform Certificate #####################

echo -en "password" > "${pwdfile}"
exec 100<"${pwdfile}"
if ! ${SWTPM_CERT} \
        --type platform \
	--signkey "${TESTDIR}/data/signkey-encrypted.pem" \
	--signkey-pwd fd:100 \
	--issuercert "${TESTDIR}/data/issuercert.pem" \
	--pubkey "${TESTDIR}/data/pubek.pem" \
	--out-cert "${cert}" \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--platform-manufacturer Fedora \
	--platform-model QEMU \
	--platform-version 2.1; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1411

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > "${cert}"
echo "Test 4: OK"
